CVE-2019-5227
published 2019-11-29CVE-2019-5227: P30, P30 Pro, Mate 20 smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1), versions earlier than VOGUE-AL00A…
medium5.5CVSS 3.1
AVLACLPRNUIRSUCNIHAN
P30, P30 Pro, Mate 20 smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1), versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R2P1), versions earlier than Hima-AL00B 9.1.0.135(C00E133R2P1) and HiSuite with versions earlier than HiSuite 9.1.0.305 have a version downgrade vulnerability. The device and HiSuite software do not validate the upgrade package sufficiently, so that the system of smartphone can be downgraded to an older version.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| huawei | hisuite_firmware | < 9.1.0.305 | 9.1.0.305 |
| huawei | mate_20_firmware | < hima-al00b_9.1.0.135\(c00e133r2p1\) | hima-al00b_9.1.0.135\(c00e133r2p1\) |
| huawei | p30_firmware | < elle-al00b_9.1.0.193\(c00e190r2p1\) | elle-al00b_9.1.0.193\(c00e190r2p1\) |
| huawei | p30_pro_firmware | < vogue-al00a_9.1.0.193\(c00e190r2p1\) | vogue-al00a_9.1.0.193\(c00e190r2p1\) |